Commit f3164c02 authored by Tom Lane's avatar Tom Lane

Clean up psql's control-C handling to avoid longjmp'ing out of random

places --- that risks corrupting data structures, losing sync with the
backend, etc.  We now longjmp only from calls to readline, fgets, and
fread, which we assume are coded to protect themselves against interrupts
at undesirable times.  This requires adding explicit tests for
cancel_pressed in long-running loops, but on the whole it's far cleaner.
Martijn van Oosterhout and Tom Lane.
parent ace93353
......@@ -3,7 +3,7 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/common.c,v 1.118 2006/05/26 19:51:29 tgl Exp $
* $PostgreSQL: pgsql/src/bin/psql/common.c,v 1.119 2006/06/14 16:49:02 tgl Exp $
*/
#include "postgres_fe.h"
#include "common.h"
......@@ -16,7 +16,6 @@
#ifndef WIN32
#include <sys/time.h>
#include <unistd.h> /* for write() */
#include <setjmp.h>
#else
#include <io.h> /* for _write() */
#include <win32.h>
......@@ -58,8 +57,6 @@ typedef struct _timeb TimevalStruct;
((T)->millitm - (U)->millitm))
#endif
extern bool prompt_state;
static bool command_no_begin(const char *query);
......@@ -219,46 +216,61 @@ NoticeProcessor(void *arg, const char *message)
/*
* Code to support query cancellation
*
* Before we start a query, we enable a SIGINT signal catcher that sends a
* Before we start a query, we enable the SIGINT signal catcher to send a
* cancel request to the backend. Note that sending the cancel directly from
* the signal handler is safe because PQcancel() is written to make it
* so. We use write() to print to stderr because it's better to use simple
* so. We use write() to report to stderr because it's better to use simple
* facilities in a signal handler.
*
* On win32, the signal cancelling happens on a separate thread, because
* that's how SetConsoleCtrlHandler works. The PQcancel function is safe
* for this (unlike PQrequestCancel). However, a CRITICAL_SECTION is required
* to protect the PGcancel structure against being changed while the other
* to protect the PGcancel structure against being changed while the signal
* thread is using it.
*
* SIGINT is supposed to abort all long-running psql operations, not only
* database queries. In most places, this is accomplished by checking
* cancel_pressed during long-running loops. However, that won't work when
* blocked on user input (in readline() or fgets()). In those places, we
* set sigint_interrupt_enabled TRUE while blocked, instructing the signal
* catcher to longjmp through sigint_interrupt_jmp. We assume readline and
* fgets are coded to handle possible interruption. (XXX currently this does
* not work on win32, so control-C is less useful there)
*/
static PGcancel *cancelConn = NULL;
volatile bool sigint_interrupt_enabled = false;
sigjmp_buf sigint_interrupt_jmp;
static PGcancel * volatile cancelConn = NULL;
#ifdef WIN32
static CRITICAL_SECTION cancelConnLock;
#endif
volatile bool cancel_pressed = false;
#define write_stderr(str) write(fileno(stderr), str, strlen(str))
#ifndef WIN32
void
static void
handle_sigint(SIGNAL_ARGS)
{
int save_errno = errno;
char errbuf[256];
/* Don't muck around if prompting for a password. */
if (prompt_state)
return;
if (cancelConn == NULL)
siglongjmp(main_loop_jmp, 1);
/* if we are waiting for input, longjmp out of it */
if (sigint_interrupt_enabled)
{
sigint_interrupt_enabled = false;
siglongjmp(sigint_interrupt_jmp, 1);
}
/* else, set cancel flag to stop any long-running loops */
cancel_pressed = true;
/* and send QueryCancel if we are processing a database query */
if (cancelConn != NULL)
{
if (PQcancel(cancelConn, errbuf, sizeof(errbuf)))
write_stderr("Cancel request sent\n");
else
......@@ -266,8 +278,17 @@ handle_sigint(SIGNAL_ARGS)
write_stderr("Could not send cancel request: ");
write_stderr(errbuf);
}
}
errno = save_errno; /* just in case the write changed it */
}
void
setup_cancel_handler(void)
{
pqsignal(SIGINT, handle_sigint);
}
#else /* WIN32 */
static BOOL WINAPI
......@@ -278,15 +299,17 @@ consoleHandler(DWORD dwCtrlType)
if (dwCtrlType == CTRL_C_EVENT ||
dwCtrlType == CTRL_BREAK_EVENT)
{
if (prompt_state)
return TRUE;
/*
* Can't longjmp here, because we are in wrong thread :-(
*/
/* set cancel flag to stop any long-running loops */
cancel_pressed = true;
/* Perform query cancel */
/* and send QueryCancel if we are processing a database query */
EnterCriticalSection(&cancelConnLock);
if (cancelConn != NULL)
{
cancel_pressed = true;
if (PQcancel(cancelConn, errbuf, sizeof(errbuf)))
write_stderr("Cancel request sent\n");
else
......@@ -304,24 +327,14 @@ consoleHandler(DWORD dwCtrlType)
return FALSE;
}
void
setup_win32_locks(void)
{
InitializeCriticalSection(&cancelConnLock);
}
void
setup_cancel_handler(void)
{
static bool done = false;
InitializeCriticalSection(&cancelConnLock);
/* only need one handler per process */
if (!done)
{
SetConsoleCtrlHandler(consoleHandler, TRUE);
done = true;
}
}
#endif /* WIN32 */
......@@ -386,16 +399,22 @@ CheckConnection(void)
*
* Set cancelConn to point to the current database connection.
*/
static void
void
SetCancelConn(void)
{
PGcancel *oldCancelConn;
#ifdef WIN32
EnterCriticalSection(&cancelConnLock);
#endif
/* Free the old one if we have one */
if (cancelConn != NULL)
PQfreeCancel(cancelConn);
oldCancelConn = cancelConn;
/* be sure handle_sigint doesn't use pointer while freeing */
cancelConn = NULL;
if (oldCancelConn != NULL)
PQfreeCancel(oldCancelConn);
cancelConn = PQgetCancel(pset.db);
......@@ -413,15 +432,19 @@ SetCancelConn(void)
void
ResetCancelConn(void)
{
PGcancel *oldCancelConn;
#ifdef WIN32
EnterCriticalSection(&cancelConnLock);
#endif
if (cancelConn)
PQfreeCancel(cancelConn);
oldCancelConn = cancelConn;
/* be sure handle_sigint doesn't use pointer while freeing */
cancelConn = NULL;
if (oldCancelConn != NULL)
PQfreeCancel(oldCancelConn);
#ifdef WIN32
LeaveCriticalSection(&cancelConnLock);
#endif
......@@ -453,15 +476,8 @@ AcceptResult(const PGresult *result, const char *query)
case PGRES_TUPLES_OK:
case PGRES_EMPTY_QUERY:
case PGRES_COPY_IN:
/* Fine, do nothing */
break;
case PGRES_COPY_OUT:
/*
* Keep cancel connection active during copy out state.
* The matching ResetCancelConn() is in handleCopyOut.
*/
SetCancelConn();
/* Fine, do nothing */
break;
default:
......@@ -648,12 +664,16 @@ ProcessCopyResult(PGresult *results)
break;
case PGRES_COPY_OUT:
SetCancelConn();
success = handleCopyOut(pset.db, pset.queryFout);
ResetCancelConn();
break;
case PGRES_COPY_IN:
SetCancelConn();
success = handleCopyIn(pset.db, pset.cur_cmd_source,
PQbinaryTuples(results));
ResetCancelConn();
break;
default:
......
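Review bot: The flags shared between `handle_sigint` and the main line of control (`sigint_interrupt_enabled` here, `cancel_pressed` via common.h) are declared `volatile bool`, but the only object type C guarantees can be written safely from a signal handler is `volatile sig_atomic_t`. A one-byte store is presumably atomic on every platform psql targets, so this is unlikely to misbehave, but the assumption deserves a comment beside the declarations, for example `/* set from the SIGINT handler; relies on bool stores being atomic */`. The same reasoning covers `cancelConn`, which the handler reads while `SetCancelConn` and `ResetCancelConn` rewrite it; outside WIN32 only the null-before-free ordering added in this commit protects that pointer, and the comment there could say so explicitly.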
......@@ -3,14 +3,13 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/common.h,v 1.49 2006/06/01 00:15:36 tgl Exp $
* $PostgreSQL: pgsql/src/bin/psql/common.h,v 1.50 2006/06/14 16:49:02 tgl Exp $
*/
#ifndef COMMON_H
#define COMMON_H
#include "postgres_fe.h"
#include <signal.h>
#include "pqsignal.h"
#include <setjmp.h>
#include "libpq-fe.h"
#ifdef USE_ASSERT_CHECKING
......@@ -41,16 +40,17 @@ __attribute__((format(printf, 1, 2)));
extern void NoticeProcessor(void *arg, const char *message);
extern volatile bool cancel_pressed;
extern volatile bool sigint_interrupt_enabled;
extern void ResetCancelConn(void);
extern sigjmp_buf sigint_interrupt_jmp;
extern volatile bool cancel_pressed;
/* Note: cancel_pressed is defined in print.c, see that file for reasons */
#ifndef WIN32
extern void handle_sigint(SIGNAL_ARGS);
#else
extern void setup_win32_locks(void);
extern void setup_cancel_handler(void);
#endif
extern void SetCancelConn(void);
extern void ResetCancelConn(void);
extern PGresult *PSQLexec(const char *query, bool start_xact);
......
......@@ -3,7 +3,7 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/copy.c,v 1.65 2006/06/07 22:24:45 momjian Exp $
* $PostgreSQL: pgsql/src/bin/psql/copy.c,v 1.66 2006/06/14 16:49:02 tgl Exp $
*/
#include "postgres_fe.h"
#include "copy.h"
......@@ -550,11 +550,15 @@ do_copy(const char *args)
switch (PQresultStatus(result))
{
case PGRES_COPY_OUT:
SetCancelConn();
success = handleCopyOut(pset.db, copystream);
ResetCancelConn();
break;
case PGRES_COPY_IN:
SetCancelConn();
success = handleCopyIn(pset.db, copystream,
PQbinaryTuples(result));
ResetCancelConn();
break;
case PGRES_NONFATAL_ERROR:
case PGRES_FATAL_ERROR:
......@@ -651,9 +655,6 @@ handleCopyOut(PGconn *conn, FILE *copystream)
}
PQclear(res);
/* Disable cancel connection (see AcceptResult in common.c) */
ResetCancelConn();
return OK;
}
......@@ -675,11 +676,31 @@ handleCopyOut(PGconn *conn, FILE *copystream)
bool
handleCopyIn(PGconn *conn, FILE *copystream, bool isbinary)
{
bool OK = true;
bool OK;
const char *prompt;
char buf[COPYBUFSIZ];
PGresult *res;
/*
* Establish longjmp destination for exiting from wait-for-input.
* (This is only effective while sigint_interrupt_enabled is TRUE.)
*/
if (sigsetjmp(sigint_interrupt_jmp, 1) != 0)
{
/* got here with longjmp */
/* Terminate data transfer */
PQputCopyEnd(conn, _("aborted by user cancel"));
/* Check command status and return to normal libpq state */
res = PQgetResult(conn);
if (PQresultStatus(res) != PGRES_COMMAND_OK)
psql_error("%s", PQerrorMessage(conn));
PQclear(res);
return false;
}
/* Prompt if interactive input */
if (isatty(fileno(copystream)))
{
......@@ -691,10 +712,10 @@ handleCopyIn(PGconn *conn, FILE *copystream, bool isbinary)
else
prompt = NULL;
OK = true;
if (isbinary)
{
int buflen;
/* interactive input probably silly, but give one prompt anyway */
if (prompt)
{
......@@ -702,8 +723,20 @@ handleCopyIn(PGconn *conn, FILE *copystream, bool isbinary)
fflush(stdout);
}
while ((buflen = fread(buf, 1, COPYBUFSIZ, copystream)) > 0)
for (;;)
{
int buflen;
/* enable longjmp while waiting for input */
sigint_interrupt_enabled = true;
buflen = fread(buf, 1, COPYBUFSIZ, copystream);
sigint_interrupt_enabled = false;
if (buflen <= 0)
break;
if (PQputCopyData(conn, buf, buflen) <= 0)
{
OK = false;
......@@ -732,8 +765,16 @@ handleCopyIn(PGconn *conn, FILE *copystream, bool isbinary)
while (!linedone)
{ /* for each bufferload in line ... */
int linelen;
char *fgresult;
/* enable longjmp while waiting for input */
sigint_interrupt_enabled = true;
fgresult = fgets(buf, COPYBUFSIZ, copystream);
sigint_interrupt_enabled = false;
if (!fgets(buf, COPYBUFSIZ, copystream))
if (!fgresult)
{
copydone = true;
break;
......
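Review bot: `handleCopyIn` points the global `sigint_interrupt_jmp` at its own stack frame and, as far as this hunk shows, never restores it, so once the function returns the buffer refers to a dead frame. That is safe only as long as every later input wait re-runs `sigsetjmp` before setting `sigint_interrupt_enabled`; MainLoop does this at the top of its loop, but the requirement is not stated at this site. I would extend the comment above the `sigsetjmp` call with something like `/* This clobbers the caller's jump target; the caller must re-establish it before enabling sigint_interrupt_enabled again. */`. Separately, the recovery branch ignores the return value of `PQputCopyEnd`; the rest of the function is outside the hunk, so I cannot tell whether the normal exit path checks it.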
......@@ -3,7 +3,7 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/describe.c,v 1.139 2006/06/01 00:15:36 tgl Exp $
* $PostgreSQL: pgsql/src/bin/psql/describe.c,v 1.140 2006/06/14 16:49:02 tgl Exp $
*/
#include "postgres_fe.h"
#include "describe.h"
......@@ -663,6 +663,11 @@ describeTableDetails(const char *pattern, bool verbose)
PQclear(res);
return false;
}
if (cancel_pressed)
{
PQclear(res);
return false;
}
}
PQclear(res);
......
......@@ -3,7 +3,7 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/input.c,v 1.54 2006/06/11 23:06:00 tgl Exp $
* $PostgreSQL: pgsql/src/bin/psql/input.c,v 1.55 2006/06/14 16:49:02 tgl Exp $
*/
#include "postgres_fe.h"
......@@ -82,7 +82,9 @@ GetHistControlConfig(void)
* gets_interactive()
*
* Gets a line of interactive input, using readline if desired.
* The result is malloc'ed.
* The result is a malloc'd string.
*
* Caller *must* have set up sigint_interrupt_jmp before calling.
*/
char *
gets_interactive(const char *prompt)
......@@ -90,8 +92,18 @@ gets_interactive(const char *prompt)
#ifdef USE_READLINE
if (useReadline)
{
char *result;
/* Enable SIGINT to longjmp to sigint_interrupt_jmp */
sigint_interrupt_enabled = true;
/* On some platforms, readline is declared as readline(char *) */
return readline((char *) prompt);
result = readline((char *) prompt);
/* Disable SIGINT again */
sigint_interrupt_enabled = false;
return result;
}
#endif
......@@ -169,30 +181,56 @@ pg_send_history(PQExpBuffer history_buf)
* gets_fromFile
*
* Gets a line of noninteractive input from a file (which could be stdin).
* The result is a malloc'd string.
*
* Caller *must* have set up sigint_interrupt_jmp before calling.
*
* Note: we re-use a static PQExpBuffer for each call. This is to avoid
* leaking memory if interrupted by SIGINT.
*/
char *
gets_fromFile(FILE *source)
{
PQExpBufferData buffer;
static PQExpBuffer buffer = NULL;
char line[1024];
initPQExpBuffer(&buffer);
if (buffer == NULL) /* first time through? */
buffer = createPQExpBuffer();
else
resetPQExpBuffer(buffer);
while (fgets(line, sizeof(line), source) != NULL)
for (;;)
{
appendPQExpBufferStr(&buffer, line);
if (buffer.data[buffer.len - 1] == '\n')
char *result;
/* Enable SIGINT to longjmp to sigint_interrupt_jmp */
sigint_interrupt_enabled = true;
/* Get some data */
result = fgets(line, sizeof(line), source);
/* Disable SIGINT again */
sigint_interrupt_enabled = false;
/* EOF? */
if (result == NULL)
break;
appendPQExpBufferStr(buffer, line);
/* EOL? */
if (buffer->data[buffer->len - 1] == '\n')
{
buffer.data[buffer.len - 1] = '\0';
return buffer.data;
buffer->data[buffer->len - 1] = '\0';
return pg_strdup(buffer->data);
}
}
if (buffer.len > 0)
return buffer.data; /* EOF after reading some bufferload(s) */
if (buffer->len > 0) /* EOF after reading some bufferload(s) */
return pg_strdup(buffer->data);
/* EOF, so return null */
termPQExpBuffer(&buffer);
return NULL;
}
......
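Review bot: In the rewritten loop of `gets_fromFile`, `buffer->data[buffer->len - 1]` is read without checking that anything was appended. If the first bufferload `fgets` returns begins with a NUL byte, `appendPQExpBufferStr` adds nothing, `buffer->len` is still 0 and the subscript `len - 1` no longer points inside the buffer. The same test existed before this commit, but the input file is not under psql's control and the loop is being rewritten anyway, so the guard belongs here: `if (buffer->len > 0 && buffer->data[buffer->len - 1] == '\n')`. The result of `createPQExpBuffer()` on the first call is also used without a NULL check.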
......@@ -3,7 +3,7 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/large_obj.c,v 1.43 2006/05/28 21:13:54 tgl Exp $
* $PostgreSQL: pgsql/src/bin/psql/large_obj.c,v 1.44 2006/06/14 16:49:02 tgl Exp $
*/
#include "postgres_fe.h"
#include "large_obj.h"
......@@ -120,10 +120,13 @@ do_lo_export(const char *loid_arg, const char *filename_arg)
if (!start_lo_xact("\\lo_export", &own_transaction))
return false;
SetCancelConn();
status = lo_export(pset.db, atooid(loid_arg), filename_arg);
ResetCancelConn();
/* of course this status is documented nowhere :( */
if (status != 1)
{ /* of course this status is documented nowhere
* :( */
{
fputs(PQerrorMessage(pset.db), stderr);
return fail_lo_xact("\\lo_export", own_transaction);
}
......@@ -153,7 +156,10 @@ do_lo_import(const char *filename_arg, const char *comment_arg)
if (!start_lo_xact("\\lo_import", &own_transaction))
return false;
SetCancelConn();
loid = lo_import(pset.db, filename_arg);
ResetCancelConn();
if (loid == InvalidOid)
{
fputs(PQerrorMessage(pset.db), stderr);
......@@ -211,7 +217,10 @@ do_lo_unlink(const char *loid_arg)
if (!start_lo_xact("\\lo_unlink", &own_transaction))
return false;
SetCancelConn();
status = lo_unlink(pset.db, loid);
ResetCancelConn();
if (status == -1)
{
fputs(PQerrorMessage(pset.db), stderr);
......
......@@ -3,7 +3,7 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/mainloop.c,v 1.79 2006/06/11 23:06:00 tgl Exp $
* $PostgreSQL: pgsql/src/bin/psql/mainloop.c,v 1.80 2006/06/14 16:49:02 tgl Exp $
*/
#include "postgres_fe.h"
#include "mainloop.h"
......@@ -17,11 +17,6 @@
#include "psqlscan.h"
#include "settings.h"
#ifndef WIN32
#include <setjmp.h>
sigjmp_buf main_loop_jmp;
#endif
/*
* Main processing loop for reading lines of input
......@@ -80,16 +75,14 @@ MainLoop(FILE *source)
while (successResult == EXIT_SUCCESS)
{
/*
* Welcome code for Control-C
* Clean up after a previous Control-C
*/
if (cancel_pressed)
{
if (!pset.cur_cmd_interactive)
{
/*
* You get here if you stopped a script with Ctrl-C and a
* query cancel was issued. In that case we don't do the
* longjmp, so the query routine can finish nicely.
* You get here if you stopped a script with Ctrl-C.
*/
successResult = EXIT_USER;
break;
......@@ -98,18 +91,24 @@ MainLoop(FILE *source)
cancel_pressed = false;
}
#ifndef WIN32
if (sigsetjmp(main_loop_jmp, 1) != 0)
/*
* Establish longjmp destination for exiting from wait-for-input.
* We must re-do this each time through the loop for safety, since
* the jmpbuf might get changed during command execution.
*/
if (sigsetjmp(sigint_interrupt_jmp, 1) != 0)
{
/* got here with longjmp */
/* reset parsing state */
resetPQExpBuffer(query_buf);
psql_scan_finish(scan_state);
psql_scan_reset(scan_state);
resetPQExpBuffer(query_buf);
resetPQExpBuffer(history_buf);
count_eof = 0;
slashCmdStatus = PSQL_CMD_UNKNOWN;
prompt_status = PROMPT_READY;
cancel_pressed = false;
if (pset.cur_cmd_interactive)
putc('\n', stdout);
......@@ -120,14 +119,6 @@ MainLoop(FILE *source)
}
}
/*
* establish the control-C handler only after main_loop_jmp is ready
*/
pqsignal(SIGINT, handle_sigint); /* control-C => cancel */
#else /* WIN32 */
setup_cancel_handler();
#endif
fflush(stdout);
/*
......@@ -360,14 +351,13 @@ MainLoop(FILE *source)
}
/*
* Reset SIGINT handler because main_loop_jmp will be invalid as soon as
* we exit this routine. If there is an outer MainLoop instance, it will
* re-enable ^C catching as soon as it gets back to the top of its loop
* and resets main_loop_jmp to point to itself.
* Let's just make real sure the SIGINT handler won't try to use
* sigint_interrupt_jmp after we exit this routine. If there is an outer
* MainLoop instance, it will reset sigint_interrupt_jmp to point to
* itself at the top of its loop, before any further interactive input
* happens.
*/
#ifndef WIN32
pqsignal(SIGINT, SIG_DFL);
#endif
sigint_interrupt_enabled = false;
destroyPQExpBuffer(query_buf);
destroyPQExpBuffer(previous_buf);
......
......@@ -3,18 +3,13 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/mainloop.h,v 1.18 2006/03/05 15:58:51 momjian Exp $
* $PostgreSQL: pgsql/src/bin/psql/mainloop.h,v 1.19 2006/06/14 16:49:02 tgl Exp $
*/
#ifndef MAINLOOP_H
#define MAINLOOP_H
#include "postgres_fe.h"
#include <stdio.h>
#ifndef WIN32
#include <setjmp.h>
extern sigjmp_buf main_loop_jmp;
#endif
int MainLoop(FILE *source);
......
This diff is collapsed.
......@@ -3,7 +3,7 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/startup.c,v 1.132 2006/04/27 02:58:08 momjian Exp $
* $PostgreSQL: pgsql/src/bin/psql/startup.c,v 1.133 2006/06/14 16:49:02 tgl Exp $
*/
#include "postgres_fe.h"
......@@ -134,7 +134,6 @@ main(int argc, char *argv[])
#ifdef WIN32
setvbuf(stderr, NULL, _IONBF, 0);
setup_win32_locks();
#endif
setDecimalLocale();
pset.cur_cmd_source = stdin;
......@@ -371,6 +370,9 @@ main(int argc, char *argv[])
if (options.action_string) /* -f - was used */
pset.inputfile = "<stdin>";
/* establish control-C handling for interactive operation */
setup_cancel_handler();
successResult = MainLoop(stdin);
}
......
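Review bot: Installing the cancel handler only in this branch, just before `MainLoop(stdin)`, leaves every other path through `main` without it. The same commit removes `setup_win32_locks()` from the top of `main` and moves `InitializeCriticalSection(&cancelConnLock)` into `setup_cancel_handler` in common.c, so if the other action branches (outside this hunk) reach `SetCancelConn`, on WIN32 they would call `EnterCriticalSection` on a lock that was never initialized. On other platforms those branches would apparently run with the default SIGINT disposition, since MainLoop no longer calls `pqsignal(SIGINT, handle_sigint)`, and control-C would end psql without a cancel request being sent. Calling `setup_cancel_handler();` unconditionally near the start of `main`, where `setup_win32_locks();` used to be, would cover both cases.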
......@@ -3,7 +3,7 @@
*
* Copyright (c) 2000-2006, PostgreSQL Global Development Group
*
* $PostgreSQL: pgsql/src/bin/psql/variables.c,v 1.23 2006/03/05 15:58:52 momjian Exp $
* $PostgreSQL: pgsql/src/bin/psql/variables.c,v 1.24 2006/06/14 16:49:03 tgl Exp $
*/
#include "postgres_fe.h"
#include "common.h"
......@@ -127,7 +127,11 @@ PrintVariables(VariableSpace space)
struct _variable *ptr;
for (ptr = space->next; ptr; ptr = ptr->next)
{
printf("%s = '%s'\n", ptr->name, ptr->value);
if (cancel_pressed)
break;
}
}
bool
......
......@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/port/sprompt.c,v 1.16 2006/03/05 15:59:10 momjian Exp $
* $PostgreSQL: pgsql/src/port/sprompt.c,v 1.17 2006/06/14 16:49:03 tgl Exp $
*
*-------------------------------------------------------------------------
*/
......@@ -32,7 +32,6 @@
#include <termios.h>
#endif
bool prompt_state = false;
extern char *simple_prompt(const char *prompt, int maxlen, bool echo);
char *
......@@ -57,8 +56,6 @@ simple_prompt(const char *prompt, int maxlen, bool echo)
if (!destination)
return NULL;
prompt_state = true; /* disable SIGINT */
/*
* Do not try to collapse these into one "w+" mode file. Doesn't work on
* some platforms (eg, HPUX 10.20).
......@@ -159,7 +156,5 @@ simple_prompt(const char *prompt, int maxlen, bool echo)
fclose(termout);
}
prompt_state = false; /* SIGINT okay again */
return destination;
}